CVSS3: 6.1 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N

Foreman is vulnerable to cross-site scripting attacks. A remote unauthenticated attacker could exploit the Facts Submission component by injecting arbitrary HTML and script code into the web site, which would alter its appearance and make it possible to initiate further attacks against site visitors.

projects.theforeman.org/issues/21519
access.redhat.com/documentation/en-us/red_hat_satellite/6.4/html/release_notes/
access.redhat.com/errata/RHSA-2018:2927
access.redhat.com/security/cve/CVE-2017-15100
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1052713
bugzilla.redhat.com/show_bug.cgi?id=1060745
bugzilla.redhat.com/show_bug.cgi?id=1155817
bugzilla.redhat.com/show_bug.cgi?id=1177766
bugzilla.redhat.com/show_bug.cgi?id=1197650
bugzilla.redhat.com/show_bug.cgi?id=1260733
bugzilla.redhat.com/show_bug.cgi?id=1265533
bugzilla.redhat.com/show_bug.cgi?id=1291730
bugzilla.redhat.com/show_bug.cgi?id=1295741
bugzilla.redhat.com/show_bug.cgi?id=1312098
bugzilla.redhat.com/show_bug.cgi?id=1328707
bugzilla.redhat.com/show_bug.cgi?id=1349150
bugzilla.redhat.com/show_bug.cgi?id=1356517
bugzilla.redhat.com/show_bug.cgi?id=1357256
bugzilla.redhat.com/show_bug.cgi?id=1372468
bugzilla.redhat.com/show_bug.cgi?id=1372731
bugzilla.redhat.com/show_bug.cgi?id=1379291
bugzilla.redhat.com/show_bug.cgi?id=1382069
bugzilla.redhat.com/show_bug.cgi?id=1386283
bugzilla.redhat.com/show_bug.cgi?id=1386908
bugzilla.redhat.com/show_bug.cgi?id=1389820
bugzilla.redhat.com/show_bug.cgi?id=1400058
bugzilla.redhat.com/show_bug.cgi?id=1409485
bugzilla.redhat.com/show_bug.cgi?id=1410264
bugzilla.redhat.com/show_bug.cgi?id=1410746
bugzilla.redhat.com/show_bug.cgi?id=1412596
bugzilla.redhat.com/show_bug.cgi?id=1416106
bugzilla.redhat.com/show_bug.cgi?id=1417015
bugzilla.redhat.com/show_bug.cgi?id=1417130
bugzilla.redhat.com/show_bug.cgi?id=1419060
bugzilla.redhat.com/show_bug.cgi?id=1425609
bugzilla.redhat.com/show_bug.cgi?id=1426739
bugzilla.redhat.com/show_bug.cgi?id=1428541
bugzilla.redhat.com/show_bug.cgi?id=1430022
bugzilla.redhat.com/show_bug.cgi?id=1430742
bugzilla.redhat.com/show_bug.cgi?id=1435973
bugzilla.redhat.com/show_bug.cgi?id=1439353
bugzilla.redhat.com/show_bug.cgi?id=1443505
bugzilla.redhat.com/show_bug.cgi?id=1443804
bugzilla.redhat.com/show_bug.cgi?id=1449011
bugzilla.redhat.com/show_bug.cgi?id=1452772
bugzilla.redhat.com/show_bug.cgi?id=1455006
bugzilla.redhat.com/show_bug.cgi?id=1455132
bugzilla.redhat.com/show_bug.cgi?id=1458383
bugzilla.redhat.com/show_bug.cgi?id=1458573
bugzilla.redhat.com/show_bug.cgi?id=1458754
bugzilla.redhat.com/show_bug.cgi?id=1464219
bugzilla.redhat.com/show_bug.cgi?id=1464512
bugzilla.redhat.com/show_bug.cgi?id=1468354
bugzilla.redhat.com/show_bug.cgi?id=1468359
bugzilla.redhat.com/show_bug.cgi?id=1470014
bugzilla.redhat.com/show_bug.cgi?id=1470761
bugzilla.redhat.com/show_bug.cgi?id=1474348
bugzilla.redhat.com/show_bug.cgi?id=1475121
bugzilla.redhat.com/show_bug.cgi?id=1478849
bugzilla.redhat.com/show_bug.cgi?id=1482540
bugzilla.redhat.com/show_bug.cgi?id=1483033
bugzilla.redhat.com/show_bug.cgi?id=1485805
bugzilla.redhat.com/show_bug.cgi?id=1486297
bugzilla.redhat.com/show_bug.cgi?id=1486782
bugzilla.redhat.com/show_bug.cgi?id=1487710
bugzilla.redhat.com/show_bug.cgi?id=1488291
bugzilla.redhat.com/show_bug.cgi?id=1489377
bugzilla.redhat.com/show_bug.cgi?id=1498588
bugzilla.redhat.com/show_bug.cgi?id=1500593
bugzilla.redhat.com/show_bug.cgi?id=1508551
bugzilla.redhat.com/show_bug.cgi?id=1515888
bugzilla.redhat.com/show_bug.cgi?id=1516623
bugzilla.redhat.com/show_bug.cgi?id=1527896
bugzilla.redhat.com/show_bug.cgi?id=1536487
bugzilla.redhat.com/show_bug.cgi?id=1538448
bugzilla.redhat.com/show_bug.cgi?id=1538479
bugzilla.redhat.com/show_bug.cgi?id=1539076
bugzilla.redhat.com/show_bug.cgi?id=1545314
bugzilla.redhat.com/show_bug.cgi?id=1552632
bugzilla.redhat.com/show_bug.cgi?id=1553869
bugzilla.redhat.com/show_bug.cgi?id=1553994
bugzilla.redhat.com/show_bug.cgi?id=1555310
bugzilla.redhat.com/show_bug.cgi?id=1557067
bugzilla.redhat.com/show_bug.cgi?id=1564577
bugzilla.redhat.com/show_bug.cgi?id=1570808
bugzilla.redhat.com/show_bug.cgi?id=1572290
bugzilla.redhat.com/show_bug.cgi?id=1572297
bugzilla.redhat.com/show_bug.cgi?id=1572305
bugzilla.redhat.com/show_bug.cgi?id=1579384
bugzilla.redhat.com/show_bug.cgi?id=1595777
bugzilla.redhat.com/show_bug.cgi?id=1608447
github.com/theforeman/foreman/pull/4967